GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
9 advisories
tar has a PAX header desynchronization issue
Moderate
GHSA-3pv8-6f4r-ffg2
was published
for
tar
(Rust)
May 29, 2026
astral-tokio-tar has a PAX Header Desynchronization issue
Moderate
GHSA-3cv2-h65g-fgmm
was published
for
astral-tokio-tar
(Rust)
May 29, 2026
astral-tokio-tar is Vulnerable to PAX Header Desynchronization
Moderate
GHSA-fp55-jw48-c537
was published
for
astral-tokio-tar
(Rust)
May 6, 2026
tar-rs incorrectly ignores PAX size headers if header size is nonzero
Moderate
CVE-2026-33055
was published
for
tar
(Rust)
Mar 20, 2026
astral-tokio-tar insufficiently validates PAX extensions during extraction
Moderate
CVE-2026-32766
was published
for
astral-tokio-tar
(Rust)
Mar 17, 2026
uv allows ZIP payload obfuscation through parsing differentials
Moderate
GHSA-pqhf-p39g-3x64
was published
for
uv
(pip)
Oct 29, 2025
astral-tokio-tar has a path traversal in tar extraction
Moderate
CVE-2025-59825
was published
for
astral-tokio-tar
(Rust)
Sep 23, 2025
uv allows ZIP payload obfuscation through parsing differentials
Moderate
CVE-2025-54368
was published
for
uv
(pip)
Aug 7, 2025
markdown2 is vulnerable to cross-site scripting
Moderate
CVE-2018-5773
was published
for
markdown2
(pip)
Jul 12, 2018
ProTip!
Advisories are also available from the
GraphQL API